Vulnerabilities > Synology > Photo Station > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2021-29089 | SQL Injection vulnerability in Synology Photo Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors. | 10.0 |
| 2021-06-02 | CVE-2021-29090 | SQL Injection vulnerability in Synology Photo Station Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors. | 9.0 |
| 2019-06-30 | CVE-2019-11821 | SQL Injection vulnerability in Synology Photo Station SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. | 9.8 |